Network congestion control using NetFlow

Size: px
Start display at page:

Download "Network congestion control using NetFlow"

Transcription

1 Network congestion control using NetFlow Maxim A. Kolosovskiy Elena N. Kryuchkova Altai State Technical University, Russia Abstract The goal of congestion control is to avoid congestion in network elements. A network element is congested if it is being offered more traffic than it can process. To detect such situations and to neutralize them we should monitor traffic in the network. In this paper, we propose using Cisco s NetFlow technology, which allows collecting statistics about traffic in the network by generating special NetFlow packets. Cisco s routers can send NetFlow packets to a special node, so we can collect these packets, analyze its content and detect network congestion. We use Cisco s feature as example, some other vendors (Juniper, 3COM, Alcatel, etc.) provide similar features for their routers. We also consider a simple system, which collects statistical information about network elements, determines overloaded elements and identifies flows, which congest them.

2 1. Introduction The goal of congestion control is to avoid congestion in network elements. A network element is congested, if it is being offered more traffic than it can process. Congestion control is control of resources: routers CPUs, bandwidth of links, routers memory, etc. If we don t control our network, there is potential for a serious trouble. When some network element becomes congested, it processes traffic very slowly and some packets are lost. Therefore, users don t receive expected packets (or conformation of delivery) in the time limit. Users begin to resubmit packets and new packets cause further congestion. Such situation is called congestive collapse. Congestive collapse was explored as possible problem in 1984 by John Nagle [1]. First well-known congestive collapse happened with NSFNet in 1986: capacity of backbone dropped from 32 kbit/s to 40 bit/s. First congestion control algorithm was introduced by Van Jacobson in 1987 [2]. If we can t offer high-speed service to all users, we should restrict consumption of resources by users to avoid congestion. So, all users get satisfactory service continuously. If we permit unlimited using of resources, it can cause congestive collapse and all network services become unavailable. Congestion control system usually works in the following way. The system monitors various factors (e.g. router s CPU occupancy, link occupancy, percent of delivered packets, messaging delays, etc.). Based on this information the system detects possible congestion. If the system has detected an incipient congestion, it restricts traffic rates in some network elements and continues to monitor the state of the network. This activity reduces traffic through these elements. When elements will have been unloaded, the system will restore normal traffic rates in these elements. Thus, congestion control system must have opportunity to monitor the state of the network. A traditional approach is using SNMP. SNMP-approach is very limited: we can t get detailed information about the network. For detailed information, we can use special features (e.g. NetFlow, IPFIX, jflow, sflow, NetStream). The main idea is generating packets, which contain information about router s active flows. The features permit to decompose network flows according to various attributes (IPs, protocols, interfaces, ports, etc.). You can find information about congestion control in [7, 8]. Many RFCs have been written about congestion control, section References contains some of them [3-6].

3 2. Fundamentals of NetFlow technology NetFlow is Cisco s technology, which allows collecting information about network traffic [9]. NetFlow technology includes three parts: NetFlow exporter enables to generate UDP packets, which contain information about flows passing through the router, and send information to special node (NetFlow collector). Cisco s routers can be exporters. NetFlow collector saves received packets to the data storage; Analyzer is special software, which analyses received data. A router considers traffic as a collection of flows and stores a cache entry for each active flow. A router inspects each received packet and creates a new cache entry (if the packet doesn t belong to active flows) or updates one of existing entries (if the packet belongs to an existing flow). Two packets are from one flow, if they have the same following fields: Source IP address; Destination IP address; Source port number; Destination port number; Layer 3 protocol type; Type of service byte; Router or switch interface. These fields are called key-fields; other fields are called non-key-fields. When a flow becomes inactive, a router places its cache entry to NetFlow packet. A router considers a flow inactive, if a router doesn t receive any packets of the flow (by default: 15 sec). A router also considers a flow inactive, if a flow is long lived (by default: 30 min). UDP doesn t guarantee reliable service, so datagrams may arrive out of order, appear duplicates and some datagrams may be lost. To correct such errors a packet contains a special field: number of flows, which were inspected by the router. Using this field we can reject duplicates and process datagrams in the correct order. Each NetFlow packet consists of a header and a sequence of flow records. A record contains information about one flow (IP addresses, ports, number of packets, etc). A header contains version of NetFlow, number of flows in this packets (1-30), time since the router booted, etc. Flexible NetFlow overcomes limitations with key-fields: we can specify own set of key-fields [10]. So we receive only interesting information, we can aggregate all

4 flows in groups before exporting to the collector (for example, if we would like to analyze protocol usage, then we specify single key-field protocol type), Flexible NetFlow introduce a collection of new available fields (for example, IPv6, information from layer 2 to layer 7). Versions 5 and 9 are most popular versions of NetFlow [11]. IPFIX (IP Flow Information Export) is version 9 standardized by IETF [12]. We use Cisco s feature as example, some other vendors (Juniper, 3COM, Alcatel, etc.) provide similar features for their routers. You can find more information about NetFlow on Cisco s official site NetFlow provides only collecting of statistical information about network. We can apply this information to detect congestion, to mining dependency between flows, to detect anomalies and viruses, to optimize the utilization of network resources, to monitor application and network usage, etc. (as examples [13-15]). These problems are interrelated. For example, some viruses initiate network congestion, so congestion control system can work as indicator of active viruses; knowledge about network dependencies helps to understand causes of congestion.

5 3. Using NetFlow for congestion control A traditional method of performance monitoring is using SNMP (Simple Network Management Protocol). SNMP permits to monitor bandwidth, so we can use information obtained by SNMP for capacity planning. However, it is not enough to understand how well the network supports the business. More detailed knowledge of flow is extremely important in networks today. Understanding, which applications and IP addresses are generating the traffic, is priceless. Using NetFlow technology, we obtain granular information about usage of network elements: we can monitor number of bytes and number of packets, which are processed by each router and by each link (using corresponding fields in NetFlow packets); we can analyze, which flows stress certain routers and links (using key-fields of active flow: source and destination IP, ports, protocol, ToS, interface); we can use timestamps fields to build historical usage trends (start of the flow, last received packet of the flow). Historical trends can be built for different periods of time: hours, days, weeks, months, etc.; we know paths used for packet delivering (field Next Hop ); we can collect statistics only about interested interfaces; we can observe interaction between autonomous systems, group of addresses, subnets. In one word, all fields in NetFlow packets can be useful. Extended collection of Flexible NetFlow fields make this technology more attractive. So, we can obtain information about existing (or incipient) congestion. If we ve obtained necessary information about network, we can analyze the state of the network to find overloaded network elements, which work as bottleneck. Next step is to restrict traffic in these elements (by reducing bandwidth of some routers or links) or to re-distribute the part of traffic between other network elements (by changing routing tables in routers). On the contrary, if the system detects that some network elements work with too low rates, the system increases the load of these elements. Congestion control system can work in different ways: Off-line monitoring system. The system can analyze collected historical information about network and report about overloaded segments of network. To unload these segments the system provides information about causes of

6 existing problems. If we have collected information for a long period, we plan changes of our network (e.g. capacity and topology planning). On-line monitoring system. The system analyzes and collects information simultaneously (instead of previous case, where we analyze collected information). We obtain information about the network online, so we can manually change the network state. Controlling system. The system can change parameters and state of the network online. The system usually changes routing tables and traffic rates. Instead of previous case this system makes changes in automatically mode. Types of system are listed in increasing order of efficiently. First system can t prevent serious congestion problems; we can only analyze causes of these problems. Using the next system, we can detect incipient congestion, but we should make changes manually and if the network is large, it may be inconvenient. Last system is the most effective one, but more complex; this system works automatically. A system can be organized as a collection of alerts. Each alert corresponds to a resource of a network element. If usage of the resource exceeds assigned threshold, the system signalizes about incipient congestion. A necessary part of the congestion control system is data storage. Ordinary files can be used, but for large networks it should be a database.

7 4. Example of congestion control system We would like to discuss simple congestion control system in Java. Using of our system consists of the following steps: 1. Configuring hosts in the network to send NetFlow v5 packets to our NetFlow collector. 2. Collecting information about network flows for a long period. The collector saves necessary fields of packets to a file (source and destination IPs and ports, timestamps, protocols, number of Layer 3 bytes, etc.). 3. Building some tables for analyzing the state of the network. 4. Analyzing tables and changing network parameters. To analyze data we build the following statistical tables (to make examples more clear we use NetFlow packets, which are generated artificial): A. The load of hosts IP Total MB [6%-22%-23%-40%-3%-4%] MB [1%-22%-21%-33%-16%-3%] MB [5%-13%-22%-20%-13%-25%] Using the table we can estimate the load of each host. We can replace our routers corresponding to their load. For each host we show its IP address, total traffic and a distribution of the traffic over different periods of a day (we assume that a day consists of six 4-hour periods). Hosts are sorted in increasing order by total traffic. B. The load of links => Total: MB : > : % (151.1 MB) : > : % (121.9 MB) : > : % (15.7 MB) The example shows statistic for a link. We can see conversations, which are using maximal bandwidth. In this example we see, that first two conversations load the link most of all, so if we want to unload the link, we should change the path of one of these conversations. If we change the path of last conversation, it doesn t change the load of the link essentially. C. The most unloaded links => MB => MB => MB => MB => MB

8 We can use these links to unload other links. D. Conversations : > : => MB (of MB) => MB (of MB) => MB (of MB) => MB (of MB) => MB (of MB) Conversation is defined by four parameters: source and destination IPs and ports. For each conversation, we build the list of links, which are used for that conversation (in parentheses we show total traffic in the link). E. Interactions with other hosts and protocol distribution MB (68%) MB (14%) MB (11%) MB (5%) Total traffic: 91.0 MB Protocols: TCP - 77%, UDP - 11%, Other - 11% For each host we display the list of hosts, which interact with that host. We also display total traffic for each interaction. Last line contains protocol distribution for that host. F. Input and output traffic *** *** IN MB [0%-0%-62%-2%-0%-34%] OUT MB [0%-4%-47%-47%-0%-0%] IN&OUT MB [0%-2%-53%-31%-0%-12%] For each host we display input, output and total traffic. We also display distribution of the traffic over time (day is divided into six 4-hour periods). G. Active ports of host : MB (33%) : MB (31%) : MB (16%) : MB (10%) : MB (4%) : MB (1%) : MB (0%) Total: MB Active ports of the host (with total traffic). Each network service is assigned to one or more ports; so we can estimate how many traffic the service produces and consumes. Use case: We are not satisfied by working of the service, which are located on and uses port We find hosts, which interact with and find conversations, which are using port So, we know links and routers, which support this conversation. We analyze the load of these elements and find bottlenecks, which delay the service. We know conversations, which load bottlenecks. Finally, we change parameters of some network elements to unload bottlenecks. Thus, these tables permit to analyze the state of the network, to detect possible congestion and to make a decision about changes. We show elementary examples. These examples can be combined to produce tables that are more complex.

9 5. Conclusion Network congestion is an actual problem today. We have considered using NetFlow for network congestion control, because NetFlow is very powerful tool for collecting information about network traffic. To optimize network we can change routing tables on routers, we can replace some of network elements (routers and links) and we can change the topology of the network. Obtained data allow distributing application between hosts in optimal way (for example, using information about conversations we can minimize traffic in the network). Suitable data storage is very important for such systems. We use ordinary files, but it is the simplest way. It is not satisfactorily for large data streams, so we should use another data storage in our system. There are some novel solutions to support highspeed incremental collecting and analyzing traffic information (e.g. aggregation databases [16], sketches [17]). These solutions use special properties of flow-based traffic information to make data processing more effectively. Using our system network administrator obtains information about overloaded (and unloaded) elements, but the system doesn t propose explicit actions to unload congested elements. Thus, the next step is developing algorithms, which analyze collected information and find a solution (for example, the system proposes optimal way to redistribute traffic).

10 References [1] John Nagle. Congestion Control in IP/TCP Internetworks. RFC [2] Van Jacobson, Michael J. Karels. Congestion Avoidance and Control [3] E. Kohler, M. Handley, S. Floyd. Datagram Congestion Control Protocol (DCCP). RFC [4] M. Allman, V. Paxson, E. Blanton. TCP Congestion Control. RFC [5] S. Floyd, M. Allman. Specifying New Congestion Control Algorithms. RFC [6] S. Floyd. Congestion Control Principles. RFC [7] Welzl M. Network Congestion Control: Managing Internet Traffic. 263 p [8] R. Srikant. The Mathematics of Internet Congestion Control. 164 p [9] Introduction to Cisco IOS NetFlow - A Technical Overview (Cisco s official site [10] Cisco IOS Flexible NetFlow Technology White Paper (Cisco s official site [11] B. Claise. Cisco Systems NetFlow Services Export Version 9. RFC [12] B. Claise. Specification of the IP Flow Information Export (IPFIX) Protocol for the Exchange of IP Traffic Flow Information. RFC [13] A. Kind, M. Stoecklin, X. Dimitropoulos. Histogram-based Traffic Anomaly Detection. IEEE Transactions on Network and Service Management, 2009 [14] A. Caracas, D. Dechouniotis, S. Fussenegger, D. Gantenbein, A. Kind. Mining Semantic Relations using NetFlow. 3 rd IEEE/IFIP International Workshop on Business-driven IT Management (BDIM 2008). [15] N. Duffield, C. Lund. Predicting resource usage and estimation accuracy in an IP flow measurement collection infrastructure. 3 rd ACM SIGCOMM conference on Internet measurement, [16] A. Kind, P. Hurley, J. Massar. A Light-Weight and Scalable Network Profiling System. European Research Consortium for Informatics and Mathematics, pp , [17] X. Dimitropoulos, M. Stoecklin, P. Hurley, A. Kind. The Eternal Sunshine of the Sketch Data Structure. Elsevier Computer Networks, 2008.

Research on Errors of Utilized Bandwidth Measured by NetFlow

Research on Errors of Utilized Bandwidth Measured by NetFlow Research on s of Utilized Bandwidth Measured by NetFlow Haiting Zhu 1, Xiaoguo Zhang 1,2, Wei Ding 1 1 School of Computer Science and Engineering, Southeast University, Nanjing 211189, China 2 Electronic

More information

Cisco IOS Flexible NetFlow Technology

Cisco IOS Flexible NetFlow Technology Cisco IOS Flexible NetFlow Technology Last Updated: December 2008 The Challenge: The ability to characterize IP traffic and understand the origin, the traffic destination, the time of day, the application

More information

Network traffic monitoring and management. Sonia Panchen sonia.panchen@inmon.com 11 th November 2010

Network traffic monitoring and management. Sonia Panchen sonia.panchen@inmon.com 11 th November 2010 Network traffic monitoring and management Sonia Panchen sonia.panchen@inmon.com 11 th November 2010 Lecture outline What is network traffic management? Traffic management applications Traffic monitoring

More information

NetFlow: What is it, why and how to use it? Miloš Zeković, milos.zekovic@soneco.rs. ICmyNet Chief Customer Officer Soneco d.o.o.

NetFlow: What is it, why and how to use it? Miloš Zeković, milos.zekovic@soneco.rs. ICmyNet Chief Customer Officer Soneco d.o.o. NetFlow: What is it, why and how to use it?, milos.zekovic@soneco.rs Soneco d.o.o. Serbia Agenda What is NetFlow? What are the benefits? How to deploy NetFlow? Questions 2 / 22 What is NetFlow? NetFlow

More information

Scalable Extraction, Aggregation, and Response to Network Intelligence

Scalable Extraction, Aggregation, and Response to Network Intelligence Scalable Extraction, Aggregation, and Response to Network Intelligence Agenda Explain the two major limitations of using Netflow for Network Monitoring Scalability and Visibility How to resolve these issues

More information

and reporting Slavko Gajin slavko.gajin@rcub.bg.ac.rs

and reporting Slavko Gajin slavko.gajin@rcub.bg.ac.rs ICmyNet.Flow: NetFlow based traffic investigation, analysis, and reporting Slavko Gajin slavko.gajin@rcub.bg.ac.rs AMRES Academic Network of Serbia RCUB - Belgrade University Computer Center ETF Faculty

More information

ICND2 NetFlow. Question 1. What are the benefit of using Netflow? (Choose three) A. Network, Application & User Monitoring. B.

ICND2 NetFlow. Question 1. What are the benefit of using Netflow? (Choose three) A. Network, Application & User Monitoring. B. ICND2 NetFlow Question 1 What are the benefit of using Netflow? (Choose three) A. Network, Application & User Monitoring B. Network Planning C. Security Analysis D. Accounting/Billing Answer: A C D NetFlow

More information

Flow Based Traffic Analysis

Flow Based Traffic Analysis Flow based Traffic Analysis Muraleedharan N C-DAC Bangalore Electronics City murali@ncb.ernet.in Challenges in Packet level traffic Analysis Network traffic grows in volume and complexity Capture and decode

More information

NetFlow Aggregation. Feature Overview. Aggregation Cache Schemes

NetFlow Aggregation. Feature Overview. Aggregation Cache Schemes NetFlow Aggregation This document describes the Cisco IOS NetFlow Aggregation feature, which allows Cisco NetFlow users to summarize NetFlow export data on an IOS router before the data is exported to

More information

Configuring Flexible NetFlow

Configuring Flexible NetFlow CHAPTER 62 Note Flexible NetFlow is only supported on Supervisor Engine 7-E, Supervisor Engine 7L-E, and Catalyst 4500X. Flow is defined as a unique set of key fields attributes, which might include fields

More information

Flow Analysis Versus Packet Analysis. What Should You Choose?

Flow Analysis Versus Packet Analysis. What Should You Choose? Flow Analysis Versus Packet Analysis. What Should You Choose? www.netfort.com Flow analysis can help to determine traffic statistics overall, but it falls short when you need to analyse a specific conversation

More information

J-Flow on J Series Services Routers and Branch SRX Series Services Gateways

J-Flow on J Series Services Routers and Branch SRX Series Services Gateways APPLICATION NOTE Juniper Flow Monitoring J-Flow on J Series Services Routers and Branch SRX Series Services Gateways Copyright 2011, Juniper Networks, Inc. 1 APPLICATION NOTE - Juniper Flow Monitoring

More information

NetFlow/IPFIX Various Thoughts

NetFlow/IPFIX Various Thoughts NetFlow/IPFIX Various Thoughts Paul Aitken & Benoit Claise 3 rd NMRG Workshop on NetFlow/IPFIX Usage in Network Management, July 2010 1 B #1 Application Visibility Business Case NetFlow (L3/L4) DPI Application

More information

NetFlow-Lite offers network administrators and engineers the following capabilities:

NetFlow-Lite offers network administrators and engineers the following capabilities: Solution Overview Cisco NetFlow-Lite Introduction As networks become more complex and organizations enable more applications, traffic patterns become more diverse and unpredictable. Organizations require

More information

Flow Analysis. Make A Right Policy for Your Network. GenieNRM

Flow Analysis. Make A Right Policy for Your Network. GenieNRM Flow Analysis Make A Right Policy for Your Network GenieNRM Why Flow Analysis? Resolve Network Managers Challenge as follow: How can I know the Detail and Real-Time situation of my network? How can I do

More information

Netflow Overview. PacNOG 6 Nadi, Fiji

Netflow Overview. PacNOG 6 Nadi, Fiji Netflow Overview PacNOG 6 Nadi, Fiji Agenda Netflow What it is and how it works Uses and Applications Vendor Configurations/ Implementation Cisco and Juniper Flow-tools Architectural issues Software, tools

More information

NetStream (Integrated) Technology White Paper HUAWEI TECHNOLOGIES CO., LTD. Issue 01. Date 2012-9-6

NetStream (Integrated) Technology White Paper HUAWEI TECHNOLOGIES CO., LTD. Issue 01. Date 2012-9-6 (Integrated) Technology White Paper Issue 01 Date 2012-9-6 HUAWEI TECHNOLOGIES CO., LTD. 2012. All rights reserved. No part of this document may be reproduced or transmitted in any form or by any means

More information

UKCMG Industry Forum November 2006

UKCMG Industry Forum November 2006 UKCMG Industry Forum November 2006 Capacity and Performance Management of IP Networks Using IP Flow Measurement Agenda Challenges of capacity and performance management of IP based networks What is IP

More information

plixer Scrutinizer Competitor Worksheet Visualization of Network Health Unauthorized application deployments Detect DNS communication tunnels

plixer Scrutinizer Competitor Worksheet Visualization of Network Health Unauthorized application deployments Detect DNS communication tunnels Scrutinizer Competitor Worksheet Scrutinizer Malware Incident Response Scrutinizer is a massively scalable, distributed flow collection system that provides a single interface for all traffic related to

More information

Traffic Monitoring using sflow

Traffic Monitoring using sflow Making the Network Visible www.sflow.org Traffic Monitoring using sflow With the ever-increasing reliance on network services for business critical applications, the smallest change in network usage can

More information

Securing and Monitoring BYOD Networks using NetFlow

Securing and Monitoring BYOD Networks using NetFlow Securing and Monitoring BYOD Networks using NetFlow How NetFlow can help with Security Analysis, Application Detection and Traffic Monitoring Don Thomas Jacob Technical Marketing Engineer ManageEngine

More information

Introduction to Cisco IOS Flexible NetFlow

Introduction to Cisco IOS Flexible NetFlow Introduction to Cisco IOS Flexible NetFlow Last updated: September 2008 The next-generation in flow technology allowing optimization of the network infrastructure, reducing operation costs, improving capacity

More information

Lab 4.1.2 Characterizing Network Applications

Lab 4.1.2 Characterizing Network Applications Lab 4.1.2 Characterizing Network Applications Objective Device Designation Device Name Address Subnet Mask Discovery Server Business Services 172.17.1.1 255.255.0.0 R1 FC-CPE-1 Fa0/1 172.17.0.1 Fa0/0 10.0.0.1

More information

IPV6 流 量 分 析 探 讨 北 京 大 学 计 算 中 心 周 昌 令

IPV6 流 量 分 析 探 讨 北 京 大 学 计 算 中 心 周 昌 令 IPV6 流 量 分 析 探 讨 北 京 大 学 计 算 中 心 周 昌 令 1 内 容 流 量 分 析 简 介 IPv6 下 的 新 问 题 和 挑 战 协 议 格 式 变 更 用 户 行 为 特 征 变 更 安 全 问 题 演 化 流 量 导 出 手 段 变 化 设 备 参 考 配 置 流 量 工 具 总 结 2 流 量 分 析 简 介 流 量 分 析 目 标 who, what, where,

More information

8. 網路流量管理 Network Traffic Management

8. 網路流量管理 Network Traffic Management 8. 網路流量管理 Network Traffic Management Measurement vs. Metrics end-to-end performance topology, configuration, routing, link properties state active measurements active routes active topology link bit error

More information

sflow Why You Should Use It And Like It NANOG 39 February 04-07, 2007

sflow Why You Should Use It And Like It NANOG 39 February 04-07, 2007 sflow Why You Should Use It And Like It NANOG 39 February 04-07, 2007 Richard A. Steenbergen nlayer Communications, Inc. What is sflow? sflow is a standards based protocol for exporting

More information

Viete, čo robia Vaši užívatelia na sieti? Roman Tuchyňa, CSA

Viete, čo robia Vaši užívatelia na sieti? Roman Tuchyňa, CSA Viete, čo robia Vaši užívatelia na sieti? Roman Tuchyňa, CSA What is ReporterAnalyzer? ReporterAnalyzer gives network professionals insight into how application traffic is impacting network performance.

More information

NetFlow Tracker Overview. Mike McGrath x ccie CTO mike@crannog-software.com

NetFlow Tracker Overview. Mike McGrath x ccie CTO mike@crannog-software.com NetFlow Tracker Overview Mike McGrath x ccie CTO mike@crannog-software.com 2006 Copyright Crannog Software www.crannog-software.com 1 Copyright Crannog Software www.crannog-software.com 2 LEVELS OF NETWORK

More information

MONITORING NETWORK TRAFFIC USING sflow TECHNOLOGY ON EX SERIES ETHERNET SWITCHES

MONITORING NETWORK TRAFFIC USING sflow TECHNOLOGY ON EX SERIES ETHERNET SWITCHES APPLICATION NOTE MONITORING NETWORK TRAFFIC USING sflow TECHNOLOGY ON EX SERIES ETHERNET SWITCHES Exporting sflow to Collectors Through a Separate Virtual Routing Instance Copyright 2010, Juniper Networks,

More information

EMIST Network Traffic Digesting (NTD) Tool Manual (Version I)

EMIST Network Traffic Digesting (NTD) Tool Manual (Version I) EMIST Network Traffic Digesting (NTD) Tool Manual (Version I) J. Wang, D.J. Miller and G. Kesidis CSE & EE Depts, Penn State EMIST NTD Tool Manual (Version I) Page 1 of 7 Table of Contents 1. Overview...

More information

Monitoring Network Traffic Using sflow Technology on EX Series Ethernet Switches

Monitoring Network Traffic Using sflow Technology on EX Series Ethernet Switches APPLICATION NOTE Monitoring Network Traffic Using sflow Technology on EX Series Ethernet Switches Exporting sflow to Collectors Through a Separate Virtual Routing Instance Copyright 2009, Juniper Networks,

More information

Fluke Networks NetFlow Tracker

Fluke Networks NetFlow Tracker Fluke Networks NetFlow Tracker Quick Install Guide for Product Evaluations Pre-installation and Installation Tasks Minimum System Requirements The type of system required to run NetFlow Tracker depends

More information

Beyond Monitoring Root-Cause Analysis

Beyond Monitoring Root-Cause Analysis WHITE PAPER With the introduction of NetFlow and similar flow-based technologies, solutions based on flow-based data have become the most popular methods of network monitoring. While effective, flow-based

More information

Transport and Network Layer

Transport and Network Layer Transport and Network Layer 1 Introduction Responsible for moving messages from end-to-end in a network Closely tied together TCP/IP: most commonly used protocol o Used in Internet o Compatible with a

More information

Recommendations for Network Traffic Analysis Using the NetFlow Protocol Best Practice Document

Recommendations for Network Traffic Analysis Using the NetFlow Protocol Best Practice Document Recommendations for Network Traffic Analysis Using the NetFlow Protocol Best Practice Document Produced by AMRES NMS Group (AMRES BPD 104) Author: Ivan Ivanović November 2011 TERENA 2010. All rights reserved.

More information

Enhancing Flow Based Network Monitoring

Enhancing Flow Based Network Monitoring Enhancing Flow Based Network Monitoring Flow-based technologies such as NetFlow, sflow, J-Flow, and IPFIX are increasingly popular tools used by network operators. The tools leverage the capabilities embedded

More information

TE in action. Some problems that TE tries to solve. Concept of Traffic Engineering (TE)

TE in action. Some problems that TE tries to solve. Concept of Traffic Engineering (TE) 1/28 2/28 TE in action S-38.3192 Verkkopalvelujen tuotanto S-38.3192 Network Service Provisioning Networking laboratory 3/28 4/28 Concept of Traffic Engineering (TE) Traffic Engineering (TE) (Traffic Management)

More information

NetFlow The De Facto Standard for Traffic Analytics

NetFlow The De Facto Standard for Traffic Analytics NetFlow The De Facto Standard for Traffic Analytics A Webinar on NetFlow and its uses in Enterprise Networks for Bandwidth and Traffic Analytics Don Thomas Jacob Technical Marketing Engineer ManageEngine

More information

Overview of Network Traffic Analysis

Overview of Network Traffic Analysis Overview of Network Traffic Analysis Network Traffic Analysis identifies which users or applications are generating traffic on your network and how much network bandwidth they are consuming. For example,

More information

Case Study: Instrumenting a Network for NetFlow Security Visualization Tools

Case Study: Instrumenting a Network for NetFlow Security Visualization Tools Case Study: Instrumenting a Network for NetFlow Security Visualization Tools William Yurcik* Yifan Li SIFT Research Group National Center for Supercomputing Applications (NCSA) University of Illinois at

More information

Configuring NetFlow Switching

Configuring NetFlow Switching Configuring NetFlow Switching This chapter describes how to configure NetFlow switching. For a complete description of NetFlow commands used in this chapter, refer to the Cisco IOS Switching s chapter

More information

Chapter 2 NETWORK LAYER

Chapter 2 NETWORK LAYER Chapter 2 NETWORK LAYER This chapter provides an overview of the most important and common protocols associated with the TCP/IP network layer. These include: Internet Protocol (IP), Routing protocols Routing

More information

Network Management & Monitoring

Network Management & Monitoring Network Management & Monitoring NetFlow Overview These materials are licensed under the Creative Commons Attribution-Noncommercial 3.0 Unported license (http://creativecommons.org/licenses/by-nc/3.0/)

More information

Network Monitoring and Management NetFlow Overview

Network Monitoring and Management NetFlow Overview Network Monitoring and Management NetFlow Overview These materials are licensed under the Creative Commons Attribution-Noncommercial 3.0 Unported license (http://creativecommons.org/licenses/by-nc/3.0/)

More information

The Value of Flow Data for Peering Decisions

The Value of Flow Data for Peering Decisions The Value of Flow Data for Peering Decisions Hurricane Electric IPv6 Native Backbone Massive Peering! Martin J. Levy Director, IPv6 Strategy Hurricane Electric 22 nd August 2012 Introduction Goal of this

More information

Network Monitoring On Large Networks. Yao Chuan Han (TWCERT/CC) james@cert.org.tw

Network Monitoring On Large Networks. Yao Chuan Han (TWCERT/CC) james@cert.org.tw Network Monitoring On Large Networks Yao Chuan Han (TWCERT/CC) james@cert.org.tw 1 Introduction Related Studies Overview SNMP-based Monitoring Tools Packet-Sniffing Monitoring Tools Flow-based Monitoring

More information

INCREASE NETWORK VISIBILITY AND REDUCE SECURITY THREATS WITH IMC FLOW ANALYSIS TOOLS

INCREASE NETWORK VISIBILITY AND REDUCE SECURITY THREATS WITH IMC FLOW ANALYSIS TOOLS WHITE PAPER INCREASE NETWORK VISIBILITY AND REDUCE SECURITY THREATS WITH IMC FLOW ANALYSIS TOOLS Network administrators and security teams can gain valuable insight into network health in real-time by

More information

PANDORA FMS NETWORK DEVICES MONITORING

PANDORA FMS NETWORK DEVICES MONITORING NETWORK DEVICES MONITORING pag. 2 INTRODUCTION This document aims to explain how Pandora FMS can monitor all the network devices available in the market, like Routers, Switches, Modems, Access points,

More information

NetFlow Performance Analysis

NetFlow Performance Analysis NetFlow Performance Analysis Last Updated: May, 2007 The Cisco IOS NetFlow feature set allows for the tracking of individual IP flows as they are received at a Cisco router or switching device. Network

More information

New York University Computer Science Department Courant Institute of Mathematical Sciences

New York University Computer Science Department Courant Institute of Mathematical Sciences ew York University Computer Science Department Courant Institute of Mathematical Sciences Course Title: Data Communication & etworks Course umber: g22.2662-00 Instructor: Jean-Claude Franchitti Session:

More information

NetFlow v9 Export Format

NetFlow v9 Export Format NetFlow v9 Export Format With this release, NetFlow can export data in NetFlow v9 (version 9) export format. This format is flexible and extensible, which provides the versatility needed to support new

More information

OpenDaylight Project Proposal Dynamic Flow Management

OpenDaylight Project Proposal Dynamic Flow Management OpenDaylight Project Proposal Dynamic Flow Management Ram (Ramki) Krishnan, Varma Bhupatiraju et al. (Brocade Communications) Sriganesh Kini et al. (Ericsson) Debo~ Dutta, Yathiraj Udupi (Cisco) 1 Table

More information

Monitoring and analyzing audio, video, and multimedia traffic on the network

Monitoring and analyzing audio, video, and multimedia traffic on the network Monitoring and analyzing audio, video, and multimedia traffic on the network Slavko Gajin slavko.gajin@rcub.bg.ac.rs AMRES Academic Network of Serbia AMRES Academic Network of Serbia RCUB - Belgrade University

More information

Configuring NetFlow. Information About NetFlow. NetFlow Overview. Send document comments to nexus7k-docfeedback@cisco.com. CHAPTER

Configuring NetFlow. Information About NetFlow. NetFlow Overview. Send document comments to nexus7k-docfeedback@cisco.com. CHAPTER CHAPTER 16 This chapter describes how to configure the NetFlow feature on Cisco NX-OS devices. This chapter includes the following sections: Information About NetFlow, page 16-1 Licensing Requirements

More information

Traffic monitoring with sflow and ProCurve Manager Plus

Traffic monitoring with sflow and ProCurve Manager Plus An HP ProCurve Networking Application Note Traffic monitoring with sflow and ProCurve Manager Plus Contents 1. Introduction... 3 2. Prerequisites... 3 3. Network diagram... 3 4. About the sflow protocol...

More information

Monitoring of Tunneled IPv6 Traffic Using Packet Decapsulation and IPFIX

Monitoring of Tunneled IPv6 Traffic Using Packet Decapsulation and IPFIX Monitoring of Tunneled IPv6 Traffic Using Packet Decapsulation and IPFIX Martin Elich 1,3, Matěj Grégr 1,2 and Pavel Čeleda1,3 1 CESNET, z.s.p.o., Prague, Czech Republic 2 Brno University of Technology,

More information

Comprehensive IP Traffic Monitoring with FTAS System

Comprehensive IP Traffic Monitoring with FTAS System Comprehensive IP Traffic Monitoring with FTAS System Tomáš Košňar kosnar@cesnet.cz CESNET, association of legal entities Prague, Czech Republic Abstract System FTAS is designed for large-scale continuous

More information

CSE 3461: Introduction to Computer Networking and Internet Technologies. Packet Switching. Presentation G

CSE 3461: Introduction to Computer Networking and Internet Technologies. Packet Switching. Presentation G CSE 3461: Introduction to Computer Networking and Internet Technologies Packet Switching Presentation G Study: 10.5, 10.6, 12.1, 12.2, 13.1, 13.2, 18.3, 18.4 Gojko Babić 10-09-2012 The Network Core mesh

More information

DG Forwarding Algorithm

DG Forwarding Algorithm DG Forwarding Algorithm Host or Router first check if destination on same Network Router multiple interfaces Match found deliver to that Network If not found default router for every router a default router

More information

SolarWinds Technical Reference

SolarWinds Technical Reference SolarWinds Technical Reference Best Practices for Troubleshooting NetFlow Introduction... 1 NetFlow Overview... 1 Troubleshooting NetFlow Service Status Issues... 3 Troubleshooting NetFlow Source Issues...

More information

PASS4TEST. IT Certification Guaranteed, The Easy Way! We offer free update service for one year

PASS4TEST. IT Certification Guaranteed, The Easy Way!  We offer free update service for one year PASS4TEST IT Certification Guaranteed, The Easy Way! \ http://www.pass4test.com We offer free update service for one year Exam : 200-101 Title : Interconnecting Cisco Networking Devices Part 2 (ICND2)

More information

Take the NetFlow Challenge!

Take the NetFlow Challenge! TM Scrutinizer NetFlow and sflow Analysis Scrutinizer is a NetFlow and sflow analyzer that provides another layer of cyber threat detection and incredibly detailed network utilization information about

More information

SNMP and Beyond: A Survey of Network Performance Monitoring Tools

SNMP and Beyond: A Survey of Network Performance Monitoring Tools http://www.cse.wustl.edu/~jain/cse567-06/ftp/net_traffic_monitors2/ind... 1 of 11 SNMP and Beyond: A Survey of Network Performance Monitoring Tools Paul Moceri, paul.moceri@gmail.com Abstract The growing

More information

Beyond Monitoring Root-Cause Analysis

Beyond Monitoring Root-Cause Analysis WHITE PAPER With the introduction of NetFlow and similar flow-based technologies, solutions based on flow-based data have become the most popular methods of network monitoring. While effective, flow-based

More information

Limitations of Packet Measurement

Limitations of Packet Measurement Limitations of Packet Measurement Collect and process less information: Only collect packet headers, not payload Ignore single packets (aggregate) Ignore some packets (sampling) Make collection and processing

More information

Internet Packets. Forwarding Datagrams

Internet Packets. Forwarding Datagrams Internet Packets Packets at the network layer level are called datagrams They are encapsulated in frames for delivery across physical networks Frames are packets at the data link layer Datagrams are formed

More information

SolarWinds. NetFlow Traffic Analyzer. Evaluation Guide. Version 4.2

SolarWinds. NetFlow Traffic Analyzer. Evaluation Guide. Version 4.2 SolarWinds NetFlow Traffic Analyzer Version 4.2 Evaluation Guide Last Updated: June 29, 2016 2016 SolarWinds Worldwide, LLC. All rights reserved. This document may not be reproduced by any means nor modified,

More information

Configuring NetFlow. Information About NetFlow. NetFlow Overview. Send document comments to nexus7k-docfeedback@cisco.com. CHAPTER

Configuring NetFlow. Information About NetFlow. NetFlow Overview. Send document comments to nexus7k-docfeedback@cisco.com. CHAPTER CHAPTER 19 This chapter describes how to configure the NetFlow feature on Cisco NX-OS devices. This chapter includes the following sections: Information About NetFlow, page 19-1 Licensing Requirements

More information

Mobile IP Network Layer Lesson 02 TCP/IP Suite and IP Protocol

Mobile IP Network Layer Lesson 02 TCP/IP Suite and IP Protocol Mobile IP Network Layer Lesson 02 TCP/IP Suite and IP Protocol 1 TCP/IP protocol suite A suite of protocols for networking for the Internet Transmission control protocol (TCP) or User Datagram protocol

More information

Networking Fundamentals Part of the SolarWinds IT Management Educational Series

Networking Fundamentals Part of the SolarWinds IT Management Educational Series Networking Fundamentals Part of the SolarWinds IT Management Educational Series V o l u m e 3 NetFlow Basics and Deployment Strategies This paper examines NetFlow technology and implementation considerations.

More information

HP Intelligent Management Center

HP Intelligent Management Center HP Intelligent Management Center Network Traffic Analyzer Administrator Guide Part number: 5998-1364 Software version: IMC NTA 5.2 (E0401) Document version: 5PW102-20121220 Legal and notice information

More information

Internet Firewall CSIS 4222. Packet Filtering. Internet Firewall. Examples. Spring 2011 CSIS 4222. net15 1. Routers can implement packet filtering

Internet Firewall CSIS 4222. Packet Filtering. Internet Firewall. Examples. Spring 2011 CSIS 4222. net15 1. Routers can implement packet filtering Internet Firewall CSIS 4222 A combination of hardware and software that isolates an organization s internal network from the Internet at large Ch 27: Internet Routing Ch 30: Packet filtering & firewalls

More information

HP Intelligent Management Center v7.1 Network Traffic Analyzer Administrator Guide

HP Intelligent Management Center v7.1 Network Traffic Analyzer Administrator Guide HP Intelligent Management Center v7.1 Network Traffic Analyzer Administrator Guide Abstract This guide contains comprehensive information for network administrators, engineers, and operators working with

More information

Final for ECE374 05/06/13 Solution!!

Final for ECE374 05/06/13 Solution!! 1 Final for ECE374 05/06/13 Solution!! Instructions: Put your name and student number on each sheet of paper! The exam is closed book. You have 90 minutes to complete the exam. Be a smart exam taker -

More information

Internet Management and Measurements Measurements

Internet Management and Measurements Measurements Internet Management and Measurements Measurements Ramin Sadre, Aiko Pras Design and Analysis of Communication Systems Group University of Twente, 2010 Measurements What is being measured? Why do you measure?

More information

Cisco.Selftestengine.642-813.v2013-11-30.by.Amy.32q

Cisco.Selftestengine.642-813.v2013-11-30.by.Amy.32q Cisco.Selftestengine.642-813.v2013-11-30.by.Amy.32q Number: 642-813 Passing Score: 825 Time Limit: 120 min File Version: 14.5 http://www.gratisexam.com/ Exam Code: 642-813 Exam Name: Cisco implementing

More information

Router Architecture Overview. Input Port Functions. Switching Via Memory. Three types of switching fabrics. Switching Via a Bus

Router Architecture Overview. Input Port Functions. Switching Via Memory. Three types of switching fabrics. Switching Via a Bus Router Architecture Overview Two key router functions: run routing algorithms/protocol (RIP, OSPF, BGP) forwarding grams from incoming to outgoing link Input Port Functions Physical layer: bit-level reception

More information

PANDORA FMS NETWORK DEVICE MONITORING

PANDORA FMS NETWORK DEVICE MONITORING NETWORK DEVICE MONITORING pag. 2 INTRODUCTION This document aims to explain how Pandora FMS is able to monitor all network devices available on the marke such as Routers, Switches, Modems, Access points,

More information

TELE9752 Network Operations and Control Week 10p: Performance

TELE9752 Network Operations and Control Week 10p: Performance TELE9752 Network Operations and Control Week 10p: Performance 2J Copyright Tim Moors 2013 1 Outline Context Other courses References FCAPS links Measuring performance Service Level Agreements (SLAs) Flow

More information

Network Layer IPv4. Dr. Sanjay P. Ahuja, Ph.D. Fidelity National Financial Distinguished Professor of CIS. School of Computing, UNF

Network Layer IPv4. Dr. Sanjay P. Ahuja, Ph.D. Fidelity National Financial Distinguished Professor of CIS. School of Computing, UNF Network Layer IPv4 Dr. Sanjay P. Ahuja, Ph.D. Fidelity National Financial Distinguished Professor of CIS School of Computing, UNF IPv4 Internet Protocol (IP) is the glue that holds the Internet together.

More information

Plugging Network Security Holes using NetFlow. Loopholes in todays network security solutions and how NetFlow can help

Plugging Network Security Holes using NetFlow. Loopholes in todays network security solutions and how NetFlow can help Plugging Network Security Holes using NetFlow Loopholes in todays network security solutions and how NetFlow can help About ManageEngine Network Servers & Applications Desktop ServiceDesk Windows Infrastructure

More information

Traffic Monitoring in a Switched Environment

Traffic Monitoring in a Switched Environment Traffic Monitoring in a Switched Environment InMon Corp. 1404 Irving St., San Francisco, CA 94122 www.inmon.com 1. SUMMARY This document provides a brief overview of some of the issues involved in monitoring

More information

HP IMC User Behavior Auditor

HP IMC User Behavior Auditor HP IMC User Behavior Auditor Administrator Guide Abstract This guide describes the User Behavior Auditor (UBA), an add-on service module of the HP Intelligent Management Center. UBA is designed for IMC

More information

Integrated Traffic Monitoring

Integrated Traffic Monitoring 61202880L1-29.1F November 2009 Configuration Guide This configuration guide describes integrated traffic monitoring (ITM) and its use on ADTRAN Operating System (AOS) products. Including an overview of

More information

Configuring NetFlow-lite

Configuring NetFlow-lite CHAPTER 55 Note NetFlow-lite is only supported on Catalyst 4948E Ethernet Switch. This chapter describes how to configure NetFlow-lite on the Catalyst 4948E switch. NetFlow-lite provides traffic monitoring

More information

Enabling NetFlow and NetFlow Data Export (NDE) on Cisco Catalyst Switches

Enabling NetFlow and NetFlow Data Export (NDE) on Cisco Catalyst Switches Enabling NetFlow and NetFlow Data Export (NDE) on Cisco Catalyst Switches Revised 2/1/2007 Introduction...2 Requirements...2 Catalyst 4500 Series...2 Enabling NetFlow...2 Configuring a NetFlow Destination...3

More information

SolarWinds Technical Reference

SolarWinds Technical Reference SolarWinds Technical Reference New to Networking Volume 3 NetFlow Basics and Deployment Strategies Section 1 The Need for Flow Analysis...1 Section 2 How does NetFlow Work?...1 The NetFlow Cache...2 The

More information

Cisco NetFlow TM Briefing Paper. Release 2.2 Monday, 02 August 2004

Cisco NetFlow TM Briefing Paper. Release 2.2 Monday, 02 August 2004 Cisco NetFlow TM Briefing Paper Release 2.2 Monday, 02 August 2004 Contents EXECUTIVE SUMMARY...3 THE PROBLEM...3 THE TRADITIONAL SOLUTIONS...4 COMPARISON WITH OTHER TECHNIQUES...6 CISCO NETFLOW OVERVIEW...7

More information

Network Layer: Network Layer and IP Protocol

Network Layer: Network Layer and IP Protocol 1 Network Layer: Network Layer and IP Protocol Required reading: Garcia 7.3.3, 8.1, 8.2.1 CSE 3213, Winter 2010 Instructor: N. Vlajic 2 1. Introduction 2. Router Architecture 3. Network Layer Protocols

More information

Network layer: Overview. Network layer functions IP Routing and forwarding

Network layer: Overview. Network layer functions IP Routing and forwarding Network layer: Overview Network layer functions IP Routing and forwarding 1 Network layer functions Transport packet from sending to receiving hosts Network layer protocols in every host, router application

More information

NetFlow Configuration Guide, Cisco IOS Release 12.4

NetFlow Configuration Guide, Cisco IOS Release 12.4 NetFlow Configuration Guide, Cisco IOS Release 12.4 Americas Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387)

More information

Introduction to Netflow

Introduction to Netflow Introduction to Netflow Mike Jager Network Startup Resource Center mike.jager@synack.co.nz These materials are licensed under the Creative Commons Attribution-NonCommercial 4.0 International license (http://creativecommons.org/licenses/by-nc/4.0/)

More information

8.2 The Internet Protocol

8.2 The Internet Protocol TCP/IP Protocol Suite HTTP SMTP DNS RTP Distributed applications Reliable stream service TCP UDP User datagram service Best-effort connectionless packet transfer Network Interface 1 IP Network Interface

More information

Getting Started with Configuring Cisco IOS NetFlow and NetFlow Data Export

Getting Started with Configuring Cisco IOS NetFlow and NetFlow Data Export Getting Started with Configuring Cisco IOS NetFlow and NetFlow Data Export Last Updated: November 28, 2011 This module contains the minimum amount of information about and instructions necessary for configuring

More information

Procedure: You can find the problem sheet on Drive D: of the lab PCs. 1. IP address for this host computer 2. Subnet mask 3. Default gateway address

Procedure: You can find the problem sheet on Drive D: of the lab PCs. 1. IP address for this host computer 2. Subnet mask 3. Default gateway address Objectives University of Jordan Faculty of Engineering & Technology Computer Engineering Department Computer Networks Laboratory 907528 Lab.4 Basic Network Operation and Troubleshooting 1. To become familiar

More information

Network layer. Data Link Layer Network Interface Card TCP 1 TCP 2 UDP. TCP IP Interface UDP IP Interface RSVP ARP ICMP

Network layer. Data Link Layer Network Interface Card TCP 1 TCP 2 UDP. TCP IP Interface UDP IP Interface RSVP ARP ICMP Network layer The Network Layer ( layer 3 ) is made of IP and a large number of auxiliary protocols. Some of the auxiliary protocols do not fit very well into the OSI stack structure. Application Application

More information

Gaining Operational Efficiencies with the Enterasys S-Series

Gaining Operational Efficiencies with the Enterasys S-Series Gaining Operational Efficiencies with the Enterasys S-Series Hi-Fidelity NetFlow There is nothing more important than our customers. Gaining Operational Efficiencies with the Enterasys S-Series Introduction

More information

QOS IN NETWORK TRAFFIC MANAGEMENT

QOS IN NETWORK TRAFFIC MANAGEMENT 24 Acta Electrotechnica et Informatica, Vol. 10, No. 4, 2010, 24 28 QOS IN NETWORK TRAFFIC MANAGEMENT Peter FECIĽAK, Katarína KLEINOVÁ, Jozef JANITOR Department of Computers and Informatics, Faculty of

More information

Improving the Performance of TCP Using Window Adjustment Procedure and Bandwidth Estimation

Improving the Performance of TCP Using Window Adjustment Procedure and Bandwidth Estimation Improving the Performance of TCP Using Window Adjustment Procedure and Bandwidth Estimation R.Navaneethakrishnan Assistant Professor (SG) Bharathiyar College of Engineering and Technology, Karaikal, India.

More information

Guide to TCP/IP, Third Edition. Chapter 5: Transport Layer TCP/IP Protocols

Guide to TCP/IP, Third Edition. Chapter 5: Transport Layer TCP/IP Protocols Guide to TCP/IP, Third Edition Chapter 5: Transport Layer TCP/IP Protocols Objectives Understand the key features and functions of the User Datagram Protocol Explain the mechanisms that drive segmentation,

More information